NEW QUESTION 1You want to manage a FortiCloud service. The FortiGate shows up in your list devices on the FortiCloud web site, but all management functions are either missing or grayed out. Which statement is correct in this scenario?

A. The managed FortiGate is running a version of FortiOS that is either too new or too old for FortiCloud.B. The managed FortiGate requires that a FortiCloud management license be purchased and applied.C. You must manually configure system control management on the FortiGate CLI and set the management type to FortiGuard.D. The management tunnel mode on the managed FortiGate must be changed to normal.

Answer: C

NEW QUESTION 2You are asked to add a FortiDDoS to the network to combat detected slow connection attacks such as Slowloris. Which prevention mode on FortiDDoS will protect you against this specific type of attack?

NEW QUESTION 3An old router has been replaced by a FortiWAN device. The routers management IP address and now the network administrator want to remove the old router from the FortiSIEM configuration. Which two statements are true about this operation? (Choose two.)

A. FortiSIEM will discover a new device for the FortiWAN with the same IP.B. The old router will be completely deleted from FortiSIEM’s CMDB.C. FortiSIEM needs a special syslog for FortiWAN.D. FortiSEIM will move the old router device into the Decommission folder.

Answer: CD

NEW QUESTION 4You have a customer experiencing problem with a legacy L3/L4 firewall device and IPv6 SIP VoIP traffic. The device is dropping SIP packets, consequently, it process SIP voice calls. Which solution would solve the customer’s problem?

A. Deploy a FortiVoice and enable IPv6 SIP.B. Replace their legacy device with a FortiGate and configure it to extract information from the body of the IPv6 packet.C. Deploy a FotiVoice and enable an IPv6 SIP session helper.D. Replace their legacy device with a FortiGate and deploy a FortiVoice to extract information from the body of the IPv6 SIP packet.

Answer: A

NEW QUESTION 5A company has just deployed a new FortiMail in gateway mode. The administrator is asked to strengthen e-mail protection by applying the policies shown below:– E-mails can only be accepted if a valid e-mail account exists.– Only authenticated users can send e-mails out.Which two actions will satisfy the requirements? (Choose two.)

NEW QUESTION 6You must create a high availability deployment with two FortiWebs in Amazon Services (AWS), each on different Availability Zones (AZ) from the same region. At the same time, each FortiWeb should be able to deliver content from the web server of both of the AZs. Which deployment would satisfy this requirement?

A. Configure the FortiWebs in Active-Active HA mode and use AWS Router 53 to load balance for the internal Web servers.B. Configure the FortiWebs in Active-Active HA mode and use AWS Elastic Load Balancer (ELB) for the internal Web servers.C. Use AWS Router 53 to load balance for FortiWebs in standalone mode and use AWS Virtual Private Cloud (VPC) peering to load balance for the internal Web servers.D. Use AWS Elastic Load Balancer (ELB) for both FortiWebs in standalone mode and put the internal Web servers in an ELB sandwich.

Answer: C

NEW QUESTION 7You are administrating the FortiGate 5000 and FortiGate 7000 series products. You want to access the HTTPS GU of the blade located in logical slot of the secondary chassis in a high-availability cluster. Which URL will accomplish this task?

NEW QUESTION 8An organization has one central site and three remote sites. A FortiSIEM has been drafted on the central site and now all devices across the remote sites need to be monitored by the FortiSIEM. Which action would reduce the WAN usage by the monitoring system?

A. Deploy a single Supervisor on the central site and enable WAN optimize on the WAN gateways.B. Install Local Collector on remote sites.C. Disable monitoring on the remote sites during the day.D. Install a Supervisor and a Collector for each remote site.

Answer: C

NEW QUESTION 9A customer wants to enable SYN Rood mitigation in a FortiDDoS device. The FortiDDoS must reply with one SYN/ACK packet per SYN packet from a new source IP address. Which SYN flood mitigation mode must the customer use?

A. SYN cookieB. SYN/ACK cookieC. ACK cookieD. SYN retransmission

Answer: A

NEW QUESTION 10Your client wants to use a central RADIUS server for management authentication when connecting to the FortiGate GUI and provide different levels of access for different types of employees. Which three actions required providing the requested functionality? (Choose three.)

A. Enable radius-vdom-override in the CLI.B. Create a wildcard administrator on the FortiGate.C. Enable occprofile-override in the CLI.D. Set the RADIUS authencation type to MS-CHAPv2.E. Create multiple administrator profiles with matching RADIUS VSAs.